[cap-talk] keyrings and bootstrapping capabilities
Norman Hardy
norm at cap-lore.com
Mon May 28 22:47:17 EDT 2007
Norman Hardy
norm at cap-lore.com
Nothing has an uglier look to us than reason, when it is not on our
side.
Lord Halifax
On 2007 May 28, at 4:37 PM, Jed Donnelley wrote:
> At 12:40 PM 5/28/2007, Norman Hardy wrote:
>> Thanks Jed for the additional background.
>>
>> On 2007 May 28, at 12:25 AM, Jed Donnelley wrote:
>> ........
>>> If, however, one is given access to a directory without
>>> the "free access" right, then all access rights that are
>>> turned off in the directory capability itself are turned
>>> off in the fetched capabilities before being returned
>>> in response to "fetch" requests.
>>>
>> Of what use is such a returned capability?
>> Perhaps rights amplification was necessary to use it.
>> Keykos did not use this pattern but the kernel could support it.
>>
>> ......
>
> The canonical example is with directory or file capabilities
> that have their "write" access permission turned off when they
> are fetched through a directory capability without the "free
> access" permission - because neither the "write" permission
> nor the "free access" permission is in the base directory.
Sorry, I didn't read your definition closely enough the first time.
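
The fetch rule Jed describes in the quoted text, modelled as an added example that is not part of the original message or of any system discussed on the list. The class names, the "read" right and the set-based rights representation are assumptions made for illustration; the thread itself names only "write" and "free access".

```python
from dataclasses import dataclass, field

# Right names: "write" and "free access" come from the thread, "read" is assumed.
READ, WRITE, FREE_ACCESS = "read", "write", "free access"


@dataclass(frozen=True)
class Capability:
    target: object       # the file or Directory this capability designates
    rights: frozenset    # rights that are turned on in this capability

    def attenuate(self, mask):
        """Return a copy with every right outside `mask` turned off."""
        return Capability(self.target, self.rights & mask)


@dataclass
class Directory:
    entries: dict = field(default_factory=dict)   # name -> stored Capability


def fetch(dir_cap, name):
    """Fetch the capability stored under `name` through `dir_cap`."""
    stored = dir_cap.target.entries[name]
    if FREE_ACCESS in dir_cap.rights:
        return stored                        # returned exactly as stored
    # No "free access": rights turned off in the directory capability are
    # turned off in the fetched capability. "free access" is itself one of
    # those rights, so the restriction carries into nested directories.
    return stored.attenuate(dir_cap.rights)


def demo():
    """Constructed sample: root -> sub -> report, fetched two ways."""
    everything = frozenset({READ, WRITE, FREE_ACCESS})
    report = Capability("report.txt", frozenset({READ, WRITE}))
    sub = Directory({"report": report})
    root = Directory({"sub": Capability(sub, everything)})

    full = Capability(root, everything)              # has "free access"
    read_only = Capability(root, frozenset({READ}))  # no "write", no "free access"

    via_full = fetch(fetch(full, "sub"), "report")
    via_read_only = fetch(fetch(read_only, "sub"), "report")
    return via_full.rights, via_read_only.rights


if __name__ == "__main__":
    print(demo())
```
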